Related
Just a thread for the few USCC people here - I've tried to UL the bootloader using TMO instructions - no go. It will reboot into the bootloader but it asks for the unlock.bin key (fastboot oem unlock returns an unknown command error). So at least theirs that much
Phone will also boot into recovery, and I get the associated normal options there (clear, mount /system, wide device/cache, load update via ADB, load update via SD, view recovery logs, etc). Interesting thing happens when I select "run graphics test" from the recovery menu - it gives an error, then the "no command" icon, then multicolor circles rotating - but it says "erasing" then "installing system update" then goes back to the recovery menu. Not sure if it's normal, but it's interesting.
I'm not a dev or a software guy really, but would like to hear some thoughts on the USCC version...would love to have root like the TMO - especially since it will get into the fastboot menu. Wish I knew more so I could be more help.
Same I'd like to here more about this since the unlocked version comes with an unlocked bootloader. I think it's because the T-Mobile version got released first so they had the jump start, and the unlocked version took till the 11th to be released so it's like we're late.
Killah1994 said:
Same I'd like to here more about this since the unlocked version comes with an unlocked bootloader. I think it's because the T-Mobile version got released first so they had the jump start, and the unlocked version took till the 11th to be released so it's like we're late.
Click to expand...
Click to collapse
you are talking about three different devices lol.. apparently USCC v20 is locked like everyone else.. TMobile typically allows BL unlocks, not because it was out first? and the unlocked variant is obviously from LG and unlockable by default...
elliwigy said:
you are talking about three different devices lol.. apparently USCC v20 is locked like everyone else.. TMobile typically allows BL unlocks, not because it was out first? and the unlocked variant is obviously from LG and unlockable by default...
Click to expand...
Click to collapse
There you go, knew I was getting something mixed up.
us996 comes with an unlocked bootloader? what? I'm pretty sure mines locked like the rest...
Sent from my LG-US996 using Tapatalk
jayochs said:
us996 comes with an unlocked bootloader? what? I'm pretty sure mines locked like the rest...
Click to expand...
Click to collapse
if u read my previous post u can see i said the uscc BL is locked lol like everyone else
I seem to have a US996, but I got it early on. I believe it to be bootloader locked though, even though it's a developers device. I'm almost 100% sure it's the sim unlocked version as I tried a few sims and they worked. Anything I can do to help?
Abumarf said:
I seem to have a US996, but I got it early on. I believe it to be bootloader locked though, even though it's a developers device. I'm almost 100% sure it's the sim unlocked version as I tried a few sims and they worked. Anything I can do to help?
Click to expand...
Click to collapse
I recommended the officially unlocked variant of the V20 to @Abumarf believing he'd have no issues whatsoever in unlocking the bootloader. He purchased one off eBay before the phone was officially released and I believe it came with a user debug kernel. It seems similar to the engineering kernels for Samsung devices, as he has root access through the adb shell. Unlike the temporary root method that @me2151 had posted, it can survive reboots. Yet I'm surprised the fastboot command to unlock the bootloader returns with failure.
Ephemera said:
I recommended the officially unlocked variant of the V20 to @Abumarf believing he'd have no issues whatsoever in unlocking the bootloader. He purchased one off eBay before the phone was officially released and I believe it came with a user debug kernel. It seems similar to the engineering kernels for Samsung devices, as he has root access through the adb shell. Unlike the temporary root method that @me2151 had posted, it can survive reboots. Yet I'm surprised the fastboot command to unlock the bootloader returns with failure.
Click to expand...
Click to collapse
does he have a copy of the debug kernel? you can pm me a link if possible thatd be great so we can take a look at it.. if it is an eng kernel, it could potentially help to root other variants with locked BLs
---------- Post added at 02:41 AM ---------- Previous post was at 02:40 AM ----------
Ephemera said:
I recommended the officially unlocked variant of the V20 to @Abumarf believing he'd have no issues whatsoever in unlocking the bootloader. He purchased one off eBay before the phone was officially released and I believe it came with a user debug kernel. It seems similar to the engineering kernels for Samsung devices, as he has root access through the adb shell. Unlike the temporary root method that @me2151 had posted, it can survive reboots. Yet I'm surprised the fastboot command to unlock the bootloader returns with failure.
Click to expand...
Click to collapse
can you upload your aboot and kernel etc? if theyre eng or debug files im interested to check them out
---------- Post added at 02:41 AM ---------- Previous post was at 02:41 AM ----------
Abumarf said:
I seem to have a US996, but I got it early on. I believe it to be bootloader locked though, even though it's a developers device. I'm almost 100% sure it's the sim unlocked version as I tried a few sims and they worked. Anything I can do to help?
Click to expand...
Click to collapse
can you upload your aboot and kernel etc? if theyre eng or debug files im interested to check them out
@elliwigy I will most likely be selling the phone or handing it over to @Ephemera as I can't use it as a daily driver. We'll update you on what happens. If we do decide to sell, I'll see if we can extract and send them your way before we do.
Abumarf said:
@elliwigy I will most likely be selling the phone or handing it over to @Ephemera as I can't use it as a daily driver. We'll update you on what happens. If we do decide to sell, I'll see if we can extract and send them your way before we do.
Click to expand...
Click to collapse
hopefully you are able to as it shouldnt really take any time at all lol.. it would really help a lot of ppl out if it is in fact a debug kernel..
the root we have is a temp tcp root shell using a context we cant really do anything we need to do at all so it was pretty much a dead end so far
Abumarf said:
@elliwigy I will most likely be selling the phone or handing it over to @Ephemera as I can't use it as a daily driver. We'll update you on what happens. If we do decide to sell, I'll see if we can extract and send them your way before we do.
Click to expand...
Click to collapse
I will pay you for the debug files
I'm no developer or modder. I don't know too much about all that. I would rather not play with it, and that's the reason I'm selling it.
Abumarf said:
I'm no developer or modder. I don't know too much about all that. I would rather not play with it, and that's the reason I'm selling it.
Click to expand...
Click to collapse
you wont b doing anything to the phone.. if u have an adb root shell would just be copying a few files from the phone.. we can even tell you exactly what commands to use to make it easy.. we can invite you to a google hangout even so we can explain each step
Abumarf said:
I'm no developer or modder. I don't know too much about all that. I would rather not play with it, and that's the reason I'm selling it.
Click to expand...
Click to collapse
Whay are you asking for the phone?
I was looking to get what I spent for it, around $800
elliwigy said:
if u read my previous post u can see i said the uscc BL is locked lol like everyone else
Click to expand...
Click to collapse
yeah, the US cellular us996. it's different from the American unlocked us996. according to LG anyway, it lists it as two different phones.
I'm not on a US cellular one. I'm in an unlocked one with Verizon. the post above you said unlocked had unlocked bootloader. mines as unlocked as you get, and it doesn't have an unlocked bootloader.
Sent from my LG V20 US996
http://developer.lge.com/community/...nuId=38&contsTypeCode=QUE&prodTypeCode=MOBILE
Make yourselves heard. Let LG know we want the bootloader to be unlockable on the US996. I've talked to their live chat and they claim that they "didn't know people would want to unlock their bootloader". Show them we do.
Abumarf said:
I was looking to get what I spent for it, around $800
Click to expand...
Click to collapse
Ok if you download terminal emulator and type in get prop and send me the screen shots so i can verify it is indeed a debug kernel i will buy it from you but i would like to have proof of debug kernel
Sure, here it is: https://drive.google.com/file/d/0BwI6DTQJV37Ob1BwRkRab0xPRkk/view?usp=drivesdk
Also the phone is already up on Swappa
---------- Post added at 08:45 PM ---------- Previous post was at 08:36 PM ----------
@rickberg forgot to tag you
i think he did, or i do not know how to navigate his site. can anyone double check?
Did you see this part at the end of the instructions?
"UNLOCK BOOTLOADERS
If you have locked bootloaders, flashing one of these will probably brick your device - with the exception of Nexus devices, which will usually automatically "OEM unlock" and wipe your data !"
I reckon if you're on stock NRD90M.G920VVRS4DQD1 your bootloader is locked.
isn't it possible to downgrade and upgrade Verizon roms for the G6 as long as we remain anove 5.1.1?
by the way, there are two Nougat roms available for the G6 over at samsung-updates, one ends in ...DQD1 and the otherone ends i ...DQE1.
There is a root from Vhai fire for the ...DQD1, not for the other one, but... because both roms are Verizon's and meant for the same device, flashing either one shouldn't brick the device, because both have Verizon's digital signature.
is that how it works?
***
honestly i just want to root the phone, im fine with the stock firmware.
nevermind, you are totally right. however, the fact that chainfire released a root for the ...DQD1 tells me he had to have unlocked the bootloader first, which now brings us to the question... how did he unlock the bootloader?
You could downgrade to the OK7 firmware and root that. The string attached is that you will need to run MrMike2182's rootatboot script every time you want to boot the phone.
so has anyone tried this? does it work?
I know it trips KNOX but i don't really care. i just dont want a brick.
EvilRubberDuck said:
Did you see this part at the end of the instructions?
"UNLOCK BOOTLOADERS
If you have locked bootloaders, flashing one of these will probably brick your device - with the exception of Nexus devices, which will usually automatically "OEM unlock" and wipe your data !"
I reckon if you're on stock NRD90M.G920VVRS4DQD1 your bootloader is locked.
Click to expand...
Click to collapse
sikk, then all i need is a unlocked bootloader and im rooted! :good:
Arethmetik said:
sikk, then all i need is a unlocked bootloader and im rooted! :good:
Click to expand...
Click to collapse
Good luck for that Verizon won't budge and there's no development at all.
xdanilva said:
Good luck for that Verizon won't budge and there's no development at all.
Click to expand...
Click to collapse
This makes me so sad. What phone should I get next that is root-friendly, i.e. I can keep the software/firmware up to date and still keep my root.
Smidley said:
This makes me so sad. What phone should I get next that is root-friendly, i.e. I can keep the software/firmware up to date and still keep my root.
Click to expand...
Click to collapse
Any phone that doesn't use verizon or at&t as a carrier
---------- Post added at 05:04 AM ---------- Previous post was at 05:03 AM ----------
There's temporary root for this phone and it works but that's it
xdanilva said:
Any phone that doesn't use verizon or at&t as a carrier
---------- Post added at 05:04 AM ---------- Previous post was at 05:03 AM ----------
There's temporary root for this phone and it works but that's it
Click to expand...
Click to collapse
Thanks for the reply.
Is US Cellular root-friendly? I've been waiting for the Pixel 2 to be released, but I want to make sure I can root it and still keep it up to date.
Also, I am still interested in the temporary root on the S6 if it means I can update to Nougat. Looking into MrMike2182's rootatboot now. Thanks!
Smidley said:
Thanks for the reply.
Is US Cellular root-friendly? I've been waiting for the Pixel 2 to be released, but I want to make sure I can root it and still keep it up to date.
Also, I am still interested in the temporary root on the S6 if it means I can update to Nougat. Looking into MrMike2182's rootatboot now. Thanks!
Click to expand...
Click to collapse
S6 root only runs under android 5.1.1 also you need a vm to flash the kernel to the phone. Us cellular is root-friendly. Only at&t and verizon and sprint and T-Mobile lock their bootloaders.
leandrummer said:
nevermind, you are totally right. however, the fact that chainfire released a root for the ...DQD1 tells me he had to have unlocked the bootloader first, which now brings us to the question... how did he unlock the bootloader?
Click to expand...
Click to collapse
Chainfire just runs an automated script which generates a CF-Auto-Root file for ANY model, whether the bootloader is locked or not.
So the answer is, he didn't unlock it, but simply generated a file regardless, and it's up to the user to figure out the their bootloader status.
Smidley said:
Thanks for the reply.
Is US Cellular root-friendly? I've been waiting for the Pixel 2 to be released, but I want to make sure I can root it and still keep it up to date.
Also, I am still interested in the temporary root on the S6 if it means I can update to Nougat. Looking into MrMike2182's rootatboot now. Thanks!
Click to expand...
Click to collapse
Same as Verizon, it's locked down tightly.
Your best bet would be a Sprint version, which has an unlocked bootloader and can be unlocked for both GSM (ATT /TMO) and LTE (VZW) with the proper equipment (unlocking boxes). Or the Tmobile version also has an unlocked bootloader which can be unlocked using online unlocking services but it will only work with GSM cards (ATT/TMO, no VZW!). Both can be rooted via CF-Auto-Root and/or through custom recovery.
Temp root can let u flash a recovery. That's all u need
jerryspring said:
Temp root can let u flash a recovery. That's all u need
Click to expand...
Click to collapse
The bootloader is locked you can't flash a custom recovery
Shaden Stewart said:
The bootloader is locked you can't flash a custom recovery
Click to expand...
Click to collapse
Yes... I know...it's a hypothetical statement. Lol
Would it be possible to sign packages like twrp or cwm to bypass the bl
I think no need to Downgrade the firmware if there is another method to root the phone without unlocking bootloader that is called ENG Root here is a link to download G920V ENG Root Bit4+How to Flash
G920V ENG Root
h2five said:
I think no need to Downgrade the firmware if there is another method to root the phone without unlocking bootloader that is called ENG Root here is a link to download G920V ENG Root Bit4+How to Flash
G920V ENG Root
Click to expand...
Click to collapse
Thanks for the nice info,
Just curious what is Bit4? Can we flash this Eng Root to SM-G920V 7.0 but Bit4 is confusing me
please guide me in details
h2five said:
I think no need to Downgrade the firmware if there is another method to root the phone without unlocking bootloader that is called ENG Root here is a link to download G920V ENG Root Bit4+How to Flash
G920V ENG Root
Click to expand...
Click to collapse
U sure u aren't posting spam?
I have the Google Pixel on Verizon Android version 7.1.2 and Build Number NHG47Q with the latest August 5, 2017, security patch. Is it possible to unlock the bootloader and root? I purchased the Soft-Skip toolkit from mskip but have been unsuccessful trying to root and that thread doesn't have much action in it. I've read in a few other threads that it isn't possible to root with unlocking BL. So I'm confused and am wondering if any of you have other information.
No
Sent from my Pixel using XDA-Developers Legacy app
piperx said:
No
Sent from my Pixel using XDA-Developers Legacy app
Click to expand...
Click to collapse
haha, thought so.
Ever since I learned about the Google Pixel being unlocked and rooted with Verizon 7.1.1 version, I've been kicking myself for stupidly updating to 7.1.2. Well, it been a while and my phone is pressing me to update to 8.0. I've been searching for a temp root to edit the build.prop with no avail. My Question is after hesitating then giving kingroot one more shot for root access, is there a workaround for access? Here's what I have so far....
According to kingroot, it says "root successfully" however it also says "Notice: this model restricts ROOT authorization"
Looking at the OEM unlock from developer options, it's still greyed out.
Any help or solutions here?
ShadowWeasel said:
Ever since I learned about the Google Pixel being unlocked and rooted with Verizon 7.1.1 version, I've been kicking myself for stupidly updating to 7.1.2. Well, it been a while and my phone is pressing me to update to 8.0. I've been searching for a temp root to edit the build.prop with no avail. My Question is after hesitating then giving kingroot one more shot for root access, is there a workaround for access? Here's what I have so far....
According to kingroot, it says "root successfully" however it also says "Notice: this model restricts ROOT authorization"
Looking at the OEM unlock from developer options, it's still greyed out.
Any help or solutions here?
Click to expand...
Click to collapse
You don't have to have an unlocked bootloader in order to root. I've had plenty of Samsung's with root and no unlocked bootloader.
---------- Post added at 06:19 PM ---------- Previous post was at 06:04 PM ----------
Digital DJ said:
I have the Google Pixel on Verizon Android version 7.1.2 and Build Number NHG47Q with the latest August 5, 2017, security patch. Is it possible to unlock the bootloader and root? I purchased the Soft-Skip toolkit from mskip but have been unsuccessful trying to root and that thread doesn't have much action in it. I've read in a few other threads that it isn't possible to root with unlocking BL. So I'm confused and am wondering if any of you have other information.
Click to expand...
Click to collapse
In general an unlocked bootloader is not a prerequisite for root. I've had several phones with a locked bootloader but with root.
Tulsadiver said:
You don't have to have an unlocked bootloader in order to root. I've had plenty of Samsung's with root and no unlocked bootloader.
Click to expand...
Click to collapse
It claims to be rooted, but is not.... Any tips? I'm still trying both mobile and PC version. I'm kinda thinking of something between injecting thru ADB (not side loading) to finding out a way to decompile dePixel8 to make changes then recompile it to make it work. Only thing about the latter is it's years that I have done any type of actual programming and would like some steps from jcase or beaups.
---------- Post added at 02:15 AM ---------- Previous post was at 01:26 AM ----------
Here's everything I've done on rooting so far.... And supposedly kingroot apk is only way.
Others that failed includes kingroot (PC), iroot (both variants), kingoroot (both variants), skipsoft unified toolkit, Nexus root toolkit (don't ask, I leave myself open to possibilities), towelroot, z4root, pootroot, weaksauce, etc. (Even root methods as far back as to gingerbreak.)
One thing that is on my mind though is when you bring up the bootloader it shows it's being ran by Samsung?!? Any theories on that? I'm kinda leaning on looking backwards on how Samsung bootloader's were unlocked through ADB or fastboot. I remember back then there was a certain way of doing that, but my mind is moving so fast that I'm having a hard time remembering.
ShadowWeasel said:
It claims to be rooted, but is not.... Any tips? I'm still trying both mobile and PC version. I'm kinda thinking of something between injecting thru ADB (not side loading) to finding out a way to decompile dePixel8 to make changes then recompile it to make it work. Only thing about the latter is it's years that I have done any type of actual programming and would like some steps from jcase or beaups.
---------- Post added at 02:15 AM ---------- Previous post was at 01:26 AM ----------
Here's everything I've done on rooting so far.... And supposedly kingroot apk is only way.
Others that failed includes kingroot (PC), iroot (both variants), kingoroot (both variants), skipsoft unified toolkit, Nexus root toolkit (don't ask, I leave myself open to possibilities), towelroot, z4root, pootroot, weaksauce, etc. (Even root methods as far back as to gingerbreak.)
One thing that is on my mind though is when you bring up the bootloader it shows it's being ran by Samsung?!? Any theories on that? I'm kinda leaning on looking backwards on how Samsung bootloader's were unlocked through ADB or fastboot. I remember back then there was a certain way of doing that, but my mind is moving so fast that I'm having a hard time remembering.
Click to expand...
Click to collapse
I don't have any tips. Just trying to clear up a misunderstanding about bootloader and root.
---------- Post added at 07:32 PM ---------- Previous post was at 07:31 PM ----------
ShadowWeasel said:
It claims to be rooted, but is not.... Any tips? I'm still trying both mobile and PC version. I'm kinda thinking of something between injecting thru ADB (not side loading) to finding out a way to decompile dePixel8 to make changes then recompile it to make it work. Only thing about the latter is it's years that I have done any type of actual programming and would like some steps from jcase or beaups.
---------- Post added at 02:15 AM ---------- Previous post was at 01:26 AM ----------
Here's everything I've done on rooting so far.... And supposedly kingroot apk is only way.
Others that failed includes kingroot (PC), iroot (both variants), kingoroot (both variants), skipsoft unified toolkit, Nexus root toolkit (don't ask, I leave myself open to possibilities), towelroot, z4root, pootroot, weaksauce, etc. (Even root methods as far back as to gingerbreak.)
One thing that is on my mind though is when you bring up the bootloader it shows it's being ran by Samsung?!? Any theories on that? I'm kinda leaning on looking backwards on how Samsung bootloader's were unlocked through ADB or fastboot. I remember back then there was a certain way of doing that, but my mind is moving so fast that I'm having a hard time remembering.
Click to expand...
Click to collapse
I don't have any tips. Just trying to clear up a misunderstanding about a unlocked bootloader and root.
If I had the skills I think I would find someone with a pixel 2. Load an assembly language debugger and run the fastboot command that unlocks the pixel 2. If the same command could be injected into the pixels fastboot binary running on the phone you might trick it into unlocking just like the pixel 2.
Sent from my Pixel using Tapatalk
baknblack said:
If I had the skills I think I would find someone with a pixel 2. Load an assembly language debugger and run the fastboot command that unlocks the pixel 2. If the same command could be injected into the pixels fastboot binary running on the phone you might trick it into unlocking just like the pixel 2.
Click to expand...
Click to collapse
Assembly language debugger? Hmm. If this is true, wooden somebody had saved file and upload it to XDA? I'm getting curious now....
ShadowWeasel said:
Assembly language debugger? Hmm. If this is true, wooden somebody had saved file and upload it to XDA? I'm getting curious now....
Click to expand...
Click to collapse
Not many hackers are versed in assembly language. I've used it a few times over the years to patch an executable but, I had specific step by step instructions on how to do it. There are a lot of people around that know what they are doing but, I doubt we find them hanging around an android forum.
Sent from my Pixel using Tapatalk
baknblack said:
Not many hackers are versed in assembly language. I've used it a few times over the years to patch an executable but, I had specific step by step instructions on how to do it. There are a lot of people around that know what they are doing but, I doubt we find them hanging around an android forum.
Click to expand...
Click to collapse
I may check the deep web for some answers
Knowing or not knowing assembly won't help, you cannot modify the bootloader in any way when it's locked basically making this a fruitless effort.
Nick80835 said:
Knowing or not knowing assembly won't help, you cannot modify the bootloader in any way when it's locked basically making this a fruitless effort.
Click to expand...
Click to collapse
Don't need to modify the bootloader. Would just need to jump into the fastboot code in the same exact place with the same exact instruction that caused the rogue routine to run on the pixel 2. I would think it would be reasonable to assume the same coding bug that exists on the 2 might also be present in the other pixels. But, we'll never know unless someone with the knowledge were to try it.
Sent from my Pixel using Tapatalk
Tulsadiver said:
You don't have to have an unlocked bootloader in order to root. I've had plenty of Samsung's with root and no unlocked bootloader.
---------- Post added at 06:19 PM ---------- Previous post was at 06:04 PM ----------
In general an unlocked bootloader is not a prerequisite for root. I've had several phones with a locked bootloader but with root.
Click to expand...
Click to collapse
For the Pixel yes you do. You can't root without an unlocked bootloader
For what it's worth, it is relatively common any more, from what I hear, that an unlocked bootloader is required to root. The VS985 (Verizon) LG G3 was an exception in that the bootloader had an exploit that could be taken advantage of to effectively allow everything that an unlocked bootloader does. The HTC 10 is an exception in that you can just S-OFF and never unlock the bootloader and it's just as good if not better. There are always exceptions - when there are other avenues someone is clever enough to find, but as a rule going the other direction, if you can unlock the bootloader of a device, then you can usually easily root the device. As someone else said, on the Pixel, an unlocked bootloader has always been required to root.
So my s7 930u is here. I've found hundreds of methods on here and youtube and odin just fails..
Who has rooted their s7 930u android 7.0 phone. And what exact method did you use. This is getting ridiculous
tried this https://www.youtube.com/watch?v=KawiIZ4bAV8
annnnnnnd now my phone is bootlooped
im flashing 7.0 stock firmware (latest update) with odin 3.12.10
seemed to be the only odin that flashed bl + ap + cp + csc correctly for me
if anyone has the latest method used to root this phone id greatly appreciate a link or tut
removed
removed
Since the US models have a locked bootloader, it's much harder to root than international. I think they'll reject anything from Odin that isn't official firmware.
You might have more luck in the US/Snapdragon specific sections of the forums, near the bottom: https://forum.xda-developers.com/galaxy-s7
Beanvee7 said:
Since the US models have a locked bootloader, it's much harder to root than international. I think they'll reject anything from Odin that isn't official firmware.
You might have more luck in the US/Snapdragon specific sections of the forums, near the bottom: https://forum.xda-developers.com/galaxy-s7
Click to expand...
Click to collapse
I thought oem unlock was unlocking the bootloader? I can simply do that in developer options.
OEM unlock as in the developer settings menu? That toggle only works on Exynos (930F/FD/W8) devices, on Snapdragon (930U/V/T/P/A) it doesn't actually do anything. SD bootloader has and likely will always be hard locked.
Beanvee7 said:
Since the US models have a locked bootloader, it's much harder to root than international. I think they'll reject anything from Odin that isn't official firmware.
You might have more luck in the US/Snapdragon specific sections of the forums, near the bottom: https://forum.xda-developers.com/galaxy-s7
Click to expand...
Click to collapse
Beanvee7 said:
OEM unlock as in the developer settings menu? That toggle only works on Exynos (930F/FD/W8) devices, on Snapdragon (930U/V/T/P/A) it doesn't actually do anything. SD bootloader has and likely will always be hard locked.
Click to expand...
Click to collapse
So why all the tutorials and YouTube videos on all the different methods of rooting snapdragon s7 if the bootloader doesn't unlock for root. Wtf
I've never watched them so I can't say, but I would assume they would use round about methods to do it? For example Exynos is simply flash TWRP on with Odin, then flash a SU zip.
Do the youtube videos tell you to do that with the snapdragon models, or is it some arbitrary multi step process? The only way I can imagine rooting Snapdragon is exploiting security flaws. I've also seen mentions of flashfire but I don't know what it does.
Like I said you'd have better luck going to the AT&T/T-mobile/Verizon etc sections. This area of the forum is mostly for Exynos.
I don't even know what this phone classifies under.
It was a Verizon phone, with Verizon logo on back.
Unlocked.
Now it's on TMobile Network.
aarongotgame said:
I don't even know what this phone classifies under.
It was a Verizon phone, with Verizon logo on back.
Unlocked.
Now it's on TMobile Network.
Click to expand...
Click to collapse
Isn't there a method to unlock a bootloader?
Carrier unlocked just means you can use it on any carrier network, which is you've got.
But bootloader lock is at a firmware level, and can't be done for any US model S7.
Since all the US models are basically the same, any guide in any of their sections should work for any other model. Yours is a G930V but you can use any guide or firmware from any other US model S7.
You need to root using an engineering bootloader. Not sure if there's a version compatible with the latest update.
You will have problems, as eng BL is not stable, and your battery will not charge past 80%.
So basically is really difficult/impossible Root a 930u? and more difficult flash with a custom firm?
Investigating because just buy a Samsung S7 gm-930u and want to debloat it.
How can i know if is a snapdragon? I am on new zealand not US.
Rooting is difficult, flashing custom firmware, as in a ROM is basically impossible on snapdragon SoC's. With a locked bootloader you can't modify the boot image which is needed for ROMs.
To check your model boot into download mode by turning it off, then pressing and holding vol down + home + power. In there it will tell you your model, being in new zealand you should be on a SM-G930F or FD unless you grey imported.
Same button combo for ~10 secs gets you out of download mode.
Yes is the grey and is 930U pitifully.
So I should sell it and buy another one haha
Thanks for the advice.
XDA today published an article about a vulnerability in the OnePlus 6 bootloader that allows the booting of a custom boot.img image without unlocking the bootloader. This is of course a huge security risk but I'm sure OnePlus will patch it in an upcoming update. In the mean time, let's have some fun!
Back in the good old days of the Nexus 4, it was possible to install an app that would write boot config data to the device from userland, with root, to toggle the bootloader between the locked and unlocked states. The object of this post? Do this as a community for the OnePlus 6!
Why do this?
There are two major gains to being able to do this:
Security: once a device is rooted we'd be able to re-lock the bootloader to prevent tampering or unauthorised images from being booted whilst keeping the perks of being rooted
Netflix HD: Widevine L1 keys aren't accessible when the Bootloader is unlocked. This way, we may be able to get our Widevine keys accessible again to get HD Netflix with root
I attempted to reverse some of the bootloader on my own a few weeks back but didn't have much luck. With this vulnerability, my thoughts are that we could dump the data partitions with a locked device (that is exploited using this trick) and compare them with an unlocked device. This might give us the magic data that the bootloader uses to determine whether a device is locked or unlocked. Then, in theory, we should be able to toggle this data from userland. The only caveat to this is that I don't know whether the unlock state is stored somewhere in the TrustZone or if it is written to the flash like they did back in the Nexus days.
I honestly have no idea whether this will work, but surely it's worth a shot? Just for reference, I recommend we look at diffing following partitions before and after locking:
param
sec
sti
ssd
frp
config
misc
We should also, to ensure there is no confusion, stick to OOS 5.1.5 stock + Magisk for root. Images of the above partitions can be obtained using dd.
If anybody has any further tips on bootloaders that either proves that this won't work, or perhaps can suggest other places this lock data could be stored, please do let me know!
NB: getting this data will involve at least one full data wipe of the phone so it might take time to dump the data, switch lock state then dump it again.
I also strongly suspect that we might hit the issue of Android Verified Boot noticing that the device is locked (but has a modified boot image when rooted). This would depend on whether the Android security checks are implemented as per the Android Verified Boot specification.
Who's in?
Couldn't you just hide Netflix HD from root detection in Magisk?
dgunn said:
Couldn't you just hide Netflix HD from root detection in Magisk?
Click to expand...
Click to collapse
No. With an unlocked bootloader the device is switched to Widevine level 3 instead of level 1. This means no HD playback in Netflix (and I believe Amazon) regardless of Magisk hide status. This may be the new normal for all unlocked devices with the Qualcomm SD 845 or newer.
blackthund3r;76765953[* said:
Security: once a device is rooted we'd be able to re-lock the bootloader to prevent tampering or unauthorised images from being booted whilst keeping the perks of being rooted
Click to expand...
Click to collapse
Are you sure about this? On Nexus 4 days Android didn't check at boot that all partitions were correct in order to boot, since some version ago it does (DM-verity). Are you sure you can re-lock the phone with root (system or boot modified) and still boot normally to userspace?
RusherDude said:
Are you sure about this? On Nexus 4 days Android didn't check at boot that all partitions were correct in order to boot, since some version ago it does (DM-verity). Are you sure you can re-lock the phone with root (system or boot modified) and still boot normally to userspace?
Click to expand...
Click to collapse
Well, I can confirm that with SafetyNet test passing, and Magisk hide enabled for Netflix, I can not get HD streaming.
This is highly interesting. I will be following that threat constantly. Thanks for opening that discussion.
So does this vulnerability allow flashing or booting of TWRP through fastboot without unlocking the bootloader. I am interested in keeping Netflix HD and gaining root access, but don't want to brick the device. I know that under normal circumstances you always unlock the bootloader before flashing any mods, but was curious of some devs thoughts on it.
Interesting read. You can root the device without unlocked bootloader
https://www.androidcentral.com/oneplus-6-bootloader-vulnerability-lets-anyone-access-your-phone?amp
the question is can we keep opened this feature and force to be opened.
Unfortunately oneplus bootloader doesn‘t support EIO mode,so it can't be boot if anything modified.
akaHardison said:
Unfortunately oneplus bootloader doesn‘t support EIO mode,so it can't be boot if anything modified.
Click to expand...
Click to collapse
Not true booted a magisk patched boot image and installed some modules
Is there Maby another methode to root hold safety net for widevine lv3
---------- Post added at 06:28 PM ---------- Previous post was at 06:23 PM ----------
joemossjr said:
Not true booted a magisk patched boot image and installed some modules
Click to expand...
Click to collapse
And did you also installed magisk to the boot img?!
Widevine L1 + V4A would make me very happy. Perhaps we should add a financial incentive like a bug bounty? I would certainly contribute some loot for this noble cause!
Since some people with OP5s and OP5Ts sent there phone to OP for L1 with the bootloader unlocked, I wonder if OP would consider offering a similar service. Even if it wasn't completely free I would probably do it unless it required re-locking the bootloader...